<?php

//dbquery - Vraag usergegevens op
function dbquery($mysql_username) {
//Connect to host and select DB
    mysql_connect('localhost', 'webmaster', 'password');
    mysql_select_db('pvirt');

//Set parameters for query
// Formulate Query
    $query = sprintf("SELECT userid, username, firstname, lastname, email FROM users
            WHERE username='%s'", mysql_real_escape_string($mysql_username));

// Perform Query
    $result = mysql_query($query);

// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
    if (!$result) {
        $message = 'Invalid query: ' . mysql_error() . "\n";
        $message .= 'Whole query: ' . $query;
        die($message);
    }

// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
    while ($row = mysql_fetch_assoc($result)) {
        echo "<table border=\"1\">
                    <tr><td><b>UserID</b></td><td><b>Username</b></td><td><b>Name</b></td><td><b>E-Mail</b></td></tr>
                    <tr><td>", $row['userid'], "</td><td>", $row['username'], "</td><td>", $row['firstname'], " ", $row['lastname'], "</td><td>", $row['email'], "</td></tr>
                    </table>";
    }

// Free the resources associated with the result set
// This is done automatically at the end of the script
    mysql_free_result($result);
}

//dbinsert - Voeg UserID met password toe, dbinsert encrypt 't
function dbinsert($dbinsert_userid, $dbinsert_password) {
//Connect to host and select DB
    mysql_connect('localhost', 'webmaster', 'password');
    mysql_select_db('pvirt');

//Generate salt
    function genSalt() {
        $length = 2;
        $characters = "abcdefghijklmnopqrstuvwxyz";

        for ($p = 0; $p < $length; $p++) {
            $saltstring .= $characters[mt_rand(0, strlen($characters))];
        }

        return $saltstring;
    }

    $dbinsert_salt = genSalt();
//Generate encrypted password
    $dbinsert_crypt_pwd = crypt($dbinsert_password, $dbinsert_salt);
//Definieer de SQL query
    $query = sprintf("INSERT INTO auth (userid, password, salt)
            VALUES ('%s','%s','%s')", mysql_real_escape_string($dbinsert_userid), mysql_real_escape_string($dbinsert_crypt_pwd), mysql_real_escape_string($dbinsert_salt));

// Perform Query
    mysql_query($query);
}

//dbpwcheck - Controlleer of het password gebruikt is om de hash van de database auth tabel te maken
function dbpwcheck($userid, $dbpwcheck_password) {
//Connect to host and select DB
    mysql_connect('localhost', 'webmaster', 'password');
    mysql_select_db('pvirt');

//Set parameters for query
// Formulate Query
    $query = sprintf("SELECT userid, password, salt FROM auth
            WHERE userid='%s'", mysql_real_escape_string($userid));

// Perform Query
    $result = mysql_query($query);


    $row = mysql_fetch_assoc($result);
    echo "$dbpwcheck_password";
//Encrypt het password met de salt uit de auth tabel en het user-submitted password
    $encpwd = crypt($dbpwcheck_password, $row['salt']);
    echo $row['password'];
//Check of het password wel voorkomt in de database
    if ($row['password'] != NULL) {
//Controlleer of de passwords matchen
        if ($row['password'] == $encpwd) {
            echo "Authentication complete!";
            session_start();
            $_SESSION['userid'] = $userid;
            $_SESSION['password'] = $row['password'];
        } else {
            echo "Authentication failure";
        }
    } else {
        echo "Failure";
    }
//Debugging info
    echo "<br />";
    echo "mysql ", $row['password'];
    echo "<br />";
    echo "user submitted ", $encpwd;
}

?>
